Exchange: High Volume Email for Microsoft 365

🚨 The Signal: A new service, High Volume Email, allows sending internal messages beyond Exchange Online limits for line-of-business applications. This expands the attack surface for internal email-based threats and requires careful configuration.

The Impact

Security teams and application owners are affected by the increased risk of internal email abuse and data exfiltration.

• Security Teams: Increased risk of internal phishing and spam due to higher sending volumes.
• Application Owners: New responsibility for securing high-volume email sending applications.
• Compliance Officers: Need to update email security policies and attestations.
• Incident Responders: Potential for more complex internal email-borne incident investigations.

The Action

1. Review and update email security policies to include High Volume Email service usage.
2. Implement strict authentication and authorization for applications using High Volume Email.
3. Configure transport rules and anti-spam policies specifically for High Volume Email traffic.
4. Monitor High Volume Email logs for unusual sending patterns or suspicious activity.
5. Educate application owners on secure coding practices for email sending applications.

Domain: Exchange · Impact: high · Workload: Exchange Online